Recently a security vulnerability has been discovered that affect many Debian based Linux distributions.
APT is one of the commonly used package managers for Debian based Linux distributions such as Ubuntu, Linux Mint, Elementary OS, and more.
Max Justicz has discovered a vulnerability on APT package manager earlier which allows intruder to use APT package manager to execute arbitrary code during the update or the installation process through the package manager as network man-in-the-middle to execute the malicious code.
So we could have a better understanding how this vulnerability would affect the security of the system. Let’s check what would happen during the update/install process of any package using APT package manager.
During the update or the install process of package, worker process communicates to currently active repositories through HTTP requests to fetch the required packages and the parent process determine the specifically the required dependencies and where to install it on the system. All this process with administration privileges already granted.
The parent process check the recent responds from the worker process and could blindly append a new request through the currently established HTTP connection and execute the code of the intruder without even detecting the validity of the file hashes. As if the intruder was capable of remotely be in network man-in-the-middle to execute the code.
Debian and Ubuntu Linux distributions have released an updated version of APT package manger in order to address the recently discovered vulnerability. So, it’s highly recommended to keep the system up to date.
Ubuntu 18.10, Ubuntu 18.04, Ubuntu 16.04 and Ubuntu 14.04 have released a bug fixes update for APT package manager.
[How to]: Safely update Ubuntu’s and Debian’s APT package manager
Disabling HTTP redirects during the update process would protect during the update process to forbid the HTTP redirects.